This is really doing my head in!!

Discussion in 'adware, spyware & hijack cleaning' started by gbhome, Jul 10, 2004.

Thread Status:
Not open for further replies.
  1. gbhome

    gbhome Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    3
    Okay, so my browser keeps taking itself to http://www.unixshellz.info/antitrust/

    The page has the following source:
    <Title>GET PAID PER CLICK!</TITLE>
    WANT TO EARN LOTS IN A MONTH?JOIN MEDIATICKETS NOW!
    WE PAY DAILY TO YOU VIA PAYPAL,WU,EGOLD,BANK TRANSFER,CHEQUE!
    YOUR CHOICE.JUST DRIVE TRAFFIC TO US!

    <!-- BEGIN MEDIATICKETS HEADER -->
    <iframe id="content" style="position:absolute; visibility:hidden;"></iframe>
    <script language="JavaScript" src="http://www.mt-download.com/mtrslib2.js"></script>
    <script language="JavaScript">
    mtrslib_uid = '2411';
    mtrslib_retry = 3;
    mt_set_onload();
    </script>
    <!-- END MEDIATICKETS HEADER -->
    <!-- text below generated by server. PLEASE REMOVE --><!-- Counter/Statistics data collection code --><script language="JavaScript" src="http://hostingprod.com/js_source/geov2.js"></script><script language="javascript">geovisit();</script><noscript><img src="http://visit.webhosting.yahoo.com/visit.gif?us1089462515" alt="setstats" border="0" width="1" height="1"></noscript>
    <IMG SRC="http://geo.yahoo.com/serv?s=46709683&t=1089462515" ALT=1 WIDTH=1 HEIGHT=1>


    Now I've added it to my Restricted sites, I've run Spybot S&D, SpywareBlaster and Ad-aware and still have had no joy in preventing this happening.

    The question is, if I get a firewall, etc, will this help??

    Here's my Hijack This log:
    Logfile of HijackThis v1.98.0
    Scan saved at 13:43:57, on 10/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Clevo\AutoMailChkr\MailChkr.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\video_32sD.exe
    C:\WINDOWS\System32\wserv32.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\IEEE 802.11b WLAN Utility(USB)\EnDisEU3.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuamgrd.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Aneil Saraf\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-gb\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AutoMailChecker] C:\Program Files\Clevo\AutoMailChkr\MailChkr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKLM\..\Run: [Microsoft Update] wserv32.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wserv32.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKCU\..\Run: [Microsoft Update] wserv32.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: EnDisEU3.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://netgil.chevrontexaco.com/ica32/wficat.cab

    Thanks in advance for your help!!
     
  2. gbhome

    gbhome Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    3
    Guys??

    This problem is getting really bad - HELP!!!!

    I don't even know if this is categorised as a virus, or a hijacker or what?! Was thinking of maybe getting a Norton Firewall or something - anyone any thoughts?? I've gotta stop this, it's making my computer useless to use!!

    Help please!!! :'( :'(
     